Alert (TA07-024A)
Cisco IOS is Affected by Multiple Vulnerabilities
Systems Affected
- Cisco network devices running IOS in various configurations
Overview
Several vulnerabilities have been discovered in Cisco's Internet Operating System (IOS). A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial of service.
Description
Cisco has published three advisories describing flaws in IOS with various security impacts, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. Further details are available in the following vulnerability notes:
VU#217912 - Cisco IOS fails to properly process TCP packets
The Cisco IOS Transmission Control Protocol listener in certain versions of Cisco IOS software contains a memory leak. This memory leak may allow an attacker to create a denial-of-service condition.
VU#341288 - Cisco IOS fails to properly prcoess certain packets containing a crafted IP option
A vulnerability exists in the way Cisco IOS processes a number of different types of IPv4 packets containing a specially crafted IP option. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on an affected device or create a denial-of-service condition
VU#274760 - Cisco IOS fails to properly process specially crafted IPv6 packets
Cisco IOS fails to properly process IPv6 packets with specially crafted routing headers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on an affected device or create a denial-of-service condition.
Impact
Although the resulting impacts of these three vulnerabilities is slightly different, in the case of VU#341288 and VU#274760, a remote attacker could cause an affected device to reload the operating system. In some cases, this creates a secondary denial-of-service condition because packets are not forwarded through the affected device while it is reloading. Repeated exploitation of these vulnerabilites may result in a sustained denial-of-service condition.
Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe.
Also in the case of VU#341288 and VU#274760, successful exploitation may allow a remote attacker to execute arbitrary code on an affected device.
Solution
Upgrade to a fixed version of IOS
Cisco has updated versions of its IOS software to address these vulnerabilities. Please refer to the "Software Versions and Fixes" sections of the Cisco Security Advisories listed in the References section of this document for more information on upgrading.
Workaround
Cisco has also published practical workarounds for these vulnerabilities. Please refer to the "Workarounds" section of each Cisco Security Advisory listed in the References section of this document for more information.
Sites that are unable to install an upgraded version of IOS are encouraged to implement these workarounds.
References
- US-CERT Vulnerability Note VU#217912 - <http://www.kb.cert.org/vuls/id/217912>
- US-CERT Vulnerability Note VU#341288 - <http://www.kb.cert.org/vuls/id/341288>
- US-CERT Vulnerability Note VU#274760 - <http://www.kb.cert.org/vuls/id/274760>
- Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service - <http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml>
- Cisco Security Advisory: Crafted IP Option Vulnerability - <http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml>
- Cisco Security Advisory: Cisco Security Advisory: IPv6 Routing Header Vulnerability - <http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml>
Revision History
-
January 24, 2007: Initial release
This product is provided subject to this Notification and this Privacy & Use policy.
